What is information security?

Question 1: Briefly describe the importance of information security. Information security itself covers a wide range. It is as big as national military and political secrets, and as small as preventing the secrets of commercial enterprises from leaking, preventing teenagers from browsing bad information and revealing personal information. The information security system under the network environment is the key to ensure information security, including computer security operating system, various security protocols, security mechanisms (digital signature, information authentication, data encryption, etc. ), even the security system, any one of which may threaten global security. Information security service should at least include the basic theory supporting information network security service and the network security service architecture based on the new generation information network architecture.

meaning

Actively promote information security level protection.

As a resource, information is of great significance to human beings because of its universality, enjoyment, value-added, treatability and versatility. The essence of information security is to protect the information resources in the information system or information network from all kinds of threats, interference and destruction, that is, to ensure the security of information. According to the definition of the International Organization for Standardization, the meaning of information security mainly refers to the integrity, availability, confidentiality and reliability of information. Information security is a problem that any country, department and industry must attach great importance to, and it is a national security strategy that cannot be ignored. However, for different departments and industries, their requirements and priorities for information security are different. China's reform and opening up has brought about a sharp increase in all aspects of information, which requires large-capacity and efficient transmission. In order to adapt to this situation, communication technology has experienced an unprecedented explosive development. At present, in addition to wired communication, short wave, ultrashort wave, microwave, satellite and other radio communications are also being more and more widely used. At the same time, in order to steal the secret information of China's politics, military affairs, economy, science and technology, foreign hostile forces use reconnaissance stations, reconnaissance ships, reconnaissance planes, satellites and other means to form a three-dimensional reconnaissance network that combines fixed and mobile, long distance and short distance, air and ground, and intercept the information in China's communication transmission. Understanding the inside story of a society from literature has long been commonplace. In the last 50 years of the 20th century, it became easier and easier to know the inside story of a society from the computers to which it belongs. Organizations and individuals are implementing information security strategies.

More and more things are entrusted to computers, sensitive information is being transmitted between computer systems through fragile communication lines, special information is stored in computers or transmitted between computers, electronic banking enables financial accounts to be consulted through communication lines, law enforcement agencies learn criminal records from computers, and doctors use computers to manage medical records. Of all these, the most important problem is that information cannot be transmitted without taking measures to prevent illegal (unauthorized) access. There are many ways to transmit information, including local computer network, Internet and distributed database, cellular wireless, packet-switched wireless, satellite video conference, email and other transmission technologies. In the process of information storage, processing and exchange, there is the possibility of disclosure or interception, eavesdropping, tampering and forgery. It is not difficult to see that a single security measure can hardly guarantee the security of communication and information. We must comprehensively use various security measures, that is, through technical, management and administrative means, to protect sources, signals and information, so as to achieve the purpose of secret information security.

Question 2: What are the three basic attributes of information security? The basic attributes of information security are mainly manifested in the following five aspects:

(1) confidentiality

In other words, ensure that information is enjoyed by authorized people and not leaked to unauthorized people.

(2) Integrity

That is, to ensure that information is transmitted from the real sender to the real receiver, and will not be added, deleted or replaced by illegal users during the transmission process.

(3) Availability (availability)

That is, to ensure that the information and information system can provide services to the authorized person at any time, and to ensure that the legitimate users' use of information and resources will not be unreasonably rejected.

④ Controllability.

That is, for the benefit of the country and institutions and the needs of social management, it is necessary to ensure that managers can control and manage information to combat social crimes and foreign enemies.

(5) Non-repudiation

In other words, people should be responsible for their own information behavior, provide information evidence of notarization and arbitration, and ensure social management according to law.

This should be a relatively new definition, which is also my major. The basic attribute is confidentiality! Honesty! There is no denying it! !

Question 3: Briefly describe the five basic elements of computer information security? Availability: Authorized entities can access resources and services when needed. Availability means that the information system must be available at any time when users need it, which means that the information system cannot refuse service. The most basic function of the network is to provide users with needed information and communication services, and the communication needs of users are random and multifaceted (voice, data, text and images, etc.). ), and sometimes timeliness is required. The network must meet the communication needs of users at any time. Attackers usually use resources to hinder the work of authorizers. Access control mechanism can be used to prevent unauthorized users from entering the network, thus ensuring the availability of the network system. Enhancing usability also includes how to effectively avoid system failures caused by various disasters (wars, earthquakes, etc.). ).

Reliability: Reliability refers to the probability that the system completes the specified functions under the specified conditions and within the specified time. Reliability is one of the most basic requirements of network security. If the network is unreliable and accidents continue, there is no way to talk about network security. At present, the research on network reliability basically focuses on hardware reliability. Developing high-reliability components and equipment and taking reasonable redundant backup measures are still the most basic reliability countermeasures. However, there are many failures and accidents related to software reliability, personnel reliability and environmental reliability.

Integrity: The characteristic that information cannot be destroyed by accidental or intentional deletion, modification, forgery, disruption, replay and insertion. Only authorized people can modify the entity or process and judge whether the entity or process has been tampered with. In other words, unauthorized third parties cannot modify the content of the information. Information will not be modified or destroyed during storage or transmission, and there will be no loss or disorder of packets.

Confidentiality: Confidentiality refers to ensuring that information will not be exposed to unauthorized entities or processes. In other words, unauthorized third parties will not know the content of the information. The information here includes not only state secrets, but also work secrets and business secrets of various social groups and enterprises, personal secrets and personal secrets (such as browsing habits and shopping habits). Security technology to prevent information theft and disclosure is called secrecy technology.

Undeniability: Also called undeniability. Non-repudiation is the security requirement that the information of both parties (people, entities or processes) is true and the same, which includes the non-repudiation of the receiver and the sender. One is the certificate of origin, which provides evidence for the information receiver, which will make the sender's attempt to lie that he did not send the information or deny its content unsuccessful; The second is the proof of delivery, which is provided to the sender of the information to prove that this will make the receiver's attempt to falsely claim that he has not received the information or deny its content impossible.

Question 4: Briefly describe what is information security level protection and what are the specific levels of information system security level protection? Classified security protection refers to the proprietary information of national security, legal persons, other organizations and citizens and the information systems that store, transmit and process these information, classified management of information security products used in information systems, and graded response and disposal of information security incidents in information systems.

Grade protection is divided into five grades, with the lowest grade and the highest grade being five:

The first level: user independent protection level;

The second level: system audit protection level;

Level 3: protection level of safety factory records;

The fourth level: structured protection level;

Level 5: Access Authentication Protection Level "

As for the simple metaphor of each level of explanation, you can think so. Generally, the general system at the county level is about 1-2, and the city level is above 2, and the important points are about 3. Most ministries and agencies have at most 3 levels, and the important points are at most 4 levels, but not many. The national ministries and commissions began to have level 4 or above, and Guoan had level 5. This explanation is more intuitive.

Question 5: Please briefly describe the common information security protection methods:

1, disable unnecessary services; 2. According to the patch; 3. Install safety protection articles; 4. Improve safety awareness; 5. Develop good habits; 6. Back up the data in time.

Question 6: Briefly describe the characteristics of information security;

-Offensive and defensive features: the offensive and defensive techniques are upgraded alternately.

-Relativity: Information security is always relative, as long as it is sufficient.

-Supporting characteristics: Information security is always a foil role, not for security, but for the application of security.

-Dynamic: Information security is a continuous process.

Six aspects of information security:

-Confidentiality (c): the characteristic that information will not be disclosed to unauthorized users, entities or programs.

-Integrity (I, integrity): the characteristic of data that cannot be changed without authorization, that is, information remains unchanged, not destroyed or lost during storage or transmission.

-Availability (a): the feature that can be accessed by authorized entities and used as needed, that is, the required information should be accessible when needed.

-Authenticity: the authenticity of the content

Verifiability: Access control is controllable if it has the ability to control the dissemination and content of information.

-Reliability: System reliability

Question 7: What is network management? Network management is a necessary means to ensure the safe, reliable, efficient and stable operation of the network. CIMS network management ensures the effective implementation of CIMS network services by monitoring, analyzing and controlling CIMS networks. With the expansion of network scale and the increase of network complexity, network management has become an indispensable part of the whole network system. From the use point of view, the network management system should meet the following requirements:

① Ability to support network monitoring at the same time;

② Ability to manage all network protocols;

③ The largest possible management scope;

(4) As little system overhead as possible;

⑤ Ability to manage networking equipment of different manufacturers;

⑥ Adapt to different network management systems.

At present, the standards of network management mainly include CIMP of OSI and SNMP of IETF. Essentially, SNMP is a simplification of CIMP. With the development of Internet and the wide application of intranet in enterprises, SNMP of IETF has become the main protocol of enterprise network management. According to the network management framework of OSI and the network characteristics of CIMS, CIMS network management system must have the following functions:

(1) Fault management is a basic network management function, which is related to fault detection, fault diagnosis and recovery. Its purpose is to ensure that the network can provide continuous and reliable services. The unexpected interruption of CIMS network service will often have a great impact on the production and operation of enterprises. Moreover, in the CIMS network of large enterprises, it is often difficult to determine the fault point when a fault occurs, which requires fault management to provide a set of methods and tools to gradually isolate and finally locate the fault. A good fault management system should be able to find faults in time (including finding potential faults through analysis and statistics) and accurately locate fault points.

(2) Configuration Management CIMS network consists of various devices with different functions and attributes. Configuration management is to define, collect, monitor and manage the parameters of these devices. By dynamically modifying and configuring the parameters of these devices, the performance of the whole network is optimized. Configuration management functions at least include identifying the topological structure of the managed network, identifying various objects in the network, automatically modifying the configuration of equipment, and dynamically maintaining the network configuration database.

(3) Performance management Performance management mainly includes traffic management and routing management. By collecting, analyzing and counting all kinds of network information (traffic, users, access resources and access frequency, etc. ), the load of the whole network is balanced, the network traffic is reasonably distributed, the utilization rate of network resources and the throughput of the whole network are improved, and network overload and deadlock are avoided.

(4) billing management billing management is mainly to record the use of network resources, calculate the cost of using network resources, and control users to occupy network resources too much, so as to achieve the purpose of improving network efficiency. In the case of paid use of network resources, the billing management function can count which users used which communication line to transmit how much information and which resources they accessed, so billing management is an important network management function of commercial computer networks.

(5) Security Management The main purpose of network security management is to ensure that network resources are not illegally used and that the network management system itself is not accessed without authorization. Network security management mainly includes authorization management, access control management, security check tracking and event handling.

ISO defines five functions of network management in ISO/IEC 7498-4 document, which is widely accepted. These five functions are:

1. Fault management

Fault management is one of the most basic functions in network management. Users want to have a reliable computer network. When a component in the network has a problem, the network administrator must quickly find the fault and eliminate it in time.

2. Billing management

It is used to record the usage of network resources, with the purpose of controlling and detecting the cost and expense of network operation, which is especially important for some public commercial networks.

3. Structural management

Configuration management is equally important. It is responsible for initializing the network and configuring the network to provide network services.

4. Performance management

It goes without saying that performance management estimates the operation and communication efficiency of system resources.

5. Safety management

Security has always been one of the weak links in the network, and users have high requirements for network security. ...& gt& gt

Question 8: A brief answer to computer network security 1. (1) The firewall excludes unauthorized users from the protected network, prohibits services that endanger security from entering or leaving the network, and prevents all kinds of IP theft and routing attacks.

(2) Firewalls can monitor security-related events.

(3) Firewall can provide a convenient platform for several Internet services unrelated to security.

(4) Firewall can be used as the platform of IPSec.

2. Clear text: the message that needs to be hidden.

Ciphertext: plaintext is converted into another hidden form, which is called ciphertext.

Key: Determine the mapping from plaintext to ciphertext. The key used in the encryption algorithm is the encryption key and the key used in the decryption algorithm is the decryption key.

Encryption algorithm: A set of rules adopted when encrypting plaintext.

Decryption algorithm: Rules used to decrypt ciphertext.

3. The principle of intrusion detection technology:

(1) Monitor and analyze user and system activities;

(2) Audit of system structure and weakness;

(3) Identify the activity patterns that reflect the known attacks and give an alarm to relevant personnel;

(4) Statistical analysis of abnormal behavior patterns;

(5) Assessing the integrity of important systems and data files;

(6) Audit the tracking management of the operating system and identify the user's violation of security policies.

4. Computer virus: A program that can "infect" other programs by modifying them. The modified program contains a copy of the virus program and can continue to infect other programs.

five

Analysis of technical development trend

1. Development trend of firewall technology

In the era of mixed attacks, a single-function firewall can no longer meet the needs of business, but has multiple security functions. Based on the technology of application protocol layer defense, low false alarm rate detection, high reliability and high performance platform and unified component management, the advantages will be more and more manifested, and UTM(unifiedtreatmanagement) technology came into being.

From the definition of the concept, UTM not only puts forward the form of specific products, but also covers a more profound logical category. From the first half of the definition, the multi-functional security gateway, integrated security gateway and integrated security device proposed by many manufacturers all conform to the concept of UTM; From the second half, the concept of UTM also reflects the deep understanding of security management and the in-depth study of the usability and linkage ability of security products after years of development in the information security industry.

The function of UTM is shown in figure 1. Because UTM equipment is a series safety equipment, UTM equipment must have good performance and high reliability. At the same time, under the unified product management platform, UTM integrates many product functions such as firewall, VPN, gateway anti-virus, IPS, denial of service attack and so on. , to achieve various defense functions. Therefore, the evolution to UTM will be the development trend of firewall. UTM equipment shall have the following characteristics.

(1) network security protocol layer defense. As a simple 2-4 layer protection, firewall mainly protects and controls static information such as IP and ports, but the real security can't just stay at the bottom. We need to build a higher, stronger and more reliable wall. In addition to the traditional access control, it is also necessary to comprehensively detect and control external threats such as spam, denial of service and hacker attacks, and realize the protection of seven-layer protocols, not just two to four layers.

(2) Reduce the false alarm rate through classified detection technology. Once the false alarm rate of gateway devices in series is too high, it will bring disastrous consequences to users. The concept of IPS was put forward in 1990s, but at present, the deployment of IPS in the world is very limited, and an important issue affecting its deployment is the false alarm rate. Classification detection technology can greatly reduce the false alarm rate. According to different attacks, different detection technologies are adopted, such as anti-denial of service attack, anti-worm and hacker attack, anti-spam attack, anti-illegal SMS attack and so on. So as to significantly reduce the false positive rate.

(3) Supported by high reliability and high performance hardware platform.

(4) Integrated and unified management. Because UTM devices integrate multiple functions, there must be a platform that can be controlled and managed uniformly, so that users can manage it effectively. In this way, the equipment platform can be standardized and extensible, and users can manage components on a unified platform. At the same time, integrated management can also eliminate information islands caused by the inability to communicate between information products, thus coping with various ... >:>

Question 9: Briefly describe the differences between the concepts of computer security, network security and information security and the definition of computer security.

The definition of the International Computer Security Standardization Committee is for the technical and management safety of data processing systems, and to protect computer hardware, software and data from being destroyed, changed or exposed by accidents or malicious reasons.

The definition of the National Computer Security Center of the US Department of Defense is: To discuss computer security, we must first discuss the statement of security requirements. Generally speaking, the security system will use some special security functions to control the access to information, and only properly authorized people or processes can read, write, create and delete this information in their name.

The definition of Computer Management and Supervision Department of China's Ministry of Public Security is: Computer security refers to the security of computer assets, that is, computer information system resources and information resources are not threatened and endangered by natural and man-made harmful factors.

Definition of network security

The definition of computer system security by the International Organization for Standardization (ISO) is: technical and management security protection of data processing systems, and protection of computer hardware, software and data from accidental and malicious reasons. Therefore, the security of computer network can be understood as: by taking various technical and management measures, the network system can operate normally, thus ensuring the availability, integrity and confidentiality of network data.

information security

Information security itself covers a wide range. It is as big as national military and political secrets, and as small as preventing the secrets of commercial enterprises from leaking, preventing teenagers from browsing bad information and revealing personal information. The information security system under the network environment is the key to ensure information security, including computer security operating system, various security protocols, security mechanisms (digital signature, information authentication, data encryption, etc. ), even the security system, any one of which may threaten global security. Information security service should at least include the basic theory supporting information network security service and the network security service architecture based on the new generation information network architecture.

Information security is a comprehensive subject involving computer science, network technology, communication technology, cryptography technology, information security technology, applied mathematics, number theory, information theory and other disciplines.